Created
August 20, 2013 01:21
-
-
Save philwinkle/6276076 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # So, you forgot to use logrotate and now you're staring at a 30GB system | |
| # log on your production server. | |
| # Never fear... | |
| # Tail an arbitrarily large number of bytes off the end of the thing. | |
| # This example takes approximately the last 5GB. | |
| tail -c 5000000000 system.log > ~/system.log.tmp | |
| # But, we only want the last month of log data. Let's find the line number | |
| # where this month's reporting starts. | |
| grep -m 1 -n 2013-08- system.log.tmp | |
| # Pretend that the line number you got back was 11108105. | |
| # You also need to know the total length of the file. | |
| wc -l system.log.tmp | |
| # Again, pretend the total file length was 12208454 lines. Now take the difference. | |
| 12208454 - 11108105 = 1100349 | |
| # So, to get just the last month's data, we tail one last time. | |
| # Note that I've incremented the difference I calculated by 1. | |
| tail -n 1100350 system.log.tmp > system.log.2.tmp | |
| # Now if only we could find every *unique* error, exception, warning, and notice | |
| # in the last month's data. Oh wait, we can... | |
| egrep 'Warning:|Notice:|Error:|Exception:' system.log.2.tmp | cut -c 36- | sort | uniq > system.log.3.tmp | |
| # Cheers :D - NWJ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment